This entry was posted in Wordfence, WordPress Security on September 12, 2017 by Mark Maunder. If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a

An Apache .htaccess 301 redirect is a permanent, server-side redirect. The .htaccess file is an Apache server configuration file that is used per directory. Using an .htaccess file reduces server performance. Use of .htaccess should be avoided when you have access to the main Apache server configuration file, httpd.conf. Shared hosting websites usually don’t have access to the httpd.conf file

By default, WooCommerce adds a form for the client to enter their billing details. In some cases we might not want that, for example when purchasing a simple virtual product. We just want to send the user to PayPal without any hassle. There is no

Most ransomware targets Windows workstations. However, the Wordfence team is currently tracking an emerging kind of ransomware that targets WordPress websites. During our analyses of malicious traffic targeting WordPress sites, we captured several attempts to upload ransomware that provides an attacker with the ability to encrypt a WordPress website’s files and then extort

This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads. This post discusses exactly what happened,

Last week our team attended Black Hat and DefCon in Las Vegas, two of the biggest information security conferences on earth. DefCon alone attracts approximately 20,000 information security professionals, researchers, government employees and fans. To say it is very busy is an understatement. One of the interesting presentations at DefCon this year discussed a

Updated 3:19PM Pacific Time: A method to ‘vaccinate’ yourself against this ransomware variant has been found. I have posted details towards the end of the post along with a batch file you can run. It is as simple as creating the file C:\Windows\perfc and marking it read-only. Update 2 at 7pm

This is a public service announcement from Wordfence. We are sending this notice to the WordPress community due to the widespread nature and potential severity of this security issue. It has a high likelihood of impacting some of our readers and requires immediate action on their part. Single sign-on provider OneLogin